Walk the SNMP Walk

Knowing Simple Network Management Protocol (SNMP) is like knowing Ugandan:
useful in rare circumstances, but invaluable when you really need it.
Once you've invested the time in learning it, however, SNMP becomes a
very powerful data collection tool. I use SNMP for a variety of
tasks, from monitoring server health to justifying budget requests.
All BSDs can use SNMP agents and can make SNMP queries of other
network devices.

In a nutshell, SNMP lets you "read" information from a device. You
make a query of the server (generally known as the "agent"). The
agent gathers the information from the host system and returns the
answer to your SNMP client. It's like having a single interface for
all your informative Unix commands.

Alternatively, an SNMP agent can allow you to write information to the
host system. If your system is properly (or improperly, depending on
your point of view) configured, you can issue commands via SNMP. This
"write" configuration is most commonly used in routers, switches, and
other network devices. Unix has its own configuration system and
doesn't usually let you issue instructions via SNMP. (Some daemons
might allow you to configure them via SNMP, and you can write shell
scripts to be called by setting an SNMP value, but those are special
cases.)

SNMP gives its information via a Management Information Base, or MIB.
MIBs are arranged in trees. If you're familiar with the BSD sysctl
mechanism, you won't have any trouble with MIBs.

MIBs are like directories; you have a broad top directory, with more
specific directories within. Similarly, the uppermost MIB contains a
variety of MIBs beneath it. MIBs are referred to by name or by
number. At times you'll see MIBs like:

interfaces.ifTable.ifEntry.ifOutErrors.1

That MIB is the same as

.1.3.6.1.2.1.2.2.1.20.1

The numerical MIB is longer than the word one. That's because the
numerical MIB includes the default .1.3.6.1.2.1, which means
.iso.org.dod.internet.mgmt.mib-2. Almost every MIB you encounter will
have this leading string, which is why nobody bothers writing it down
any more.

If you're in one of those kinky moods, you can even use:

.1.org.6.1.mgmt.1.interfaces.ifTable.1.ifOutErrors.1
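
The three spellings above can be checked against each other with a small resolver. This is an added example, not code from the original article or from ucd-snmp: the function names are made up for illustration, and the name table covers only the branch shown here.

```shell
#!/bin/sh
# Added example: resolve the article's MIB spellings to one numeric form.

DEFAULT_PREFIX=.1.3.6.1.2.1   # .iso.org.dod.internet.mgmt.mib-2

# child_number PARENT LABEL: number of the named child under a numeric parent.
# Hypothetical helper; covers only the branch the article walks. Real tools
# load these names from MIB definition files.
child_number() {
    case "$1/$2" in
        /iso)                           echo 1 ;;
        .1/org)                         echo 3 ;;
        .1.3/dod)                       echo 6 ;;
        .1.3.6/internet)                echo 1 ;;
        .1.3.6.1/mgmt)                  echo 2 ;;
        .1.3.6.1.2/mib-2)               echo 1 ;;
        .1.3.6.1.2.1/interfaces)        echo 2 ;;
        .1.3.6.1.2.1.2/ifTable)         echo 2 ;;
        .1.3.6.1.2.1.2.2/ifEntry)       echo 1 ;;
        .1.3.6.1.2.1.2.2.1/ifOutErrors) echo 20 ;;
        *) return 1 ;;
    esac
}

# to_numeric MIB: print the fully numeric form, or fail on an unknown name.
# A leading dot means "start at the root"; without one, the default prefix
# described in the article is assumed.
to_numeric() {
    case "$1" in
        .*) path='' rest=${1#.} ;;
        *)  path=$DEFAULT_PREFIX rest=$1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $rest          # split the MIB on dots into positional parameters
    IFS=$old_ifs
    for part in "$@"; do
        case "$part" in   # anything that is not purely digits is a name
            ''|*[!0-9]*) part=$(child_number "$path" "$part") || return 1 ;;
        esac
        path=$path.$part
    done
    echo "$path"
}

for mib in interfaces.ifTable.ifEntry.ifOutErrors.1 \
           .1.org.6.1.mgmt.1.interfaces.ifTable.1.ifOutErrors.1; do
    echo "$mib -> $(to_numeric "$mib")"
done
```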

Most SNMP tools prefer numerical MIBs. People prefer words. By the
end of this article, you can use whichever you prefer.

As usual, while my examples are written for FreeBSD, you can use them
on NetBSD or OpenBSD with only minor modifications.

Exact SNMP MIBs can vary from device to device, and with the agent
used. You'll want to check the documentation for your SNMP agent, or
your device, to see what MIBs are available.

The best SNMP agent for BSD is ucd-snmp.
It's small, extensible, and efficient. It's included as a FreeBSD
port (/usr/ports/net/ucd-snmp). This is a popular package, and
generally up-to-date. If it isn't current, the raw source of ucd-snmp
compiles well. The ucd-snmp folks are actively interested in FreeBSD
and quite responsive to useful problem reports, requests for help, or
(better still) patches.

Installing from source is simple; the standard ./configure && make &&
make install will do it for you. They even respect the FreeBSD
standard of installing under /usr/local. If you're installing on
NetBSD, you'll want to edit the makefile to install under /usr/pkg.

ucd-snmp includes not only an SNMP daemon, but also a tool to
examine the SNMP tree on other hosts. This "snmpwalk" package works
well on any sort of agent: I use my FreeBSD system to snmpwalk
routers, switches, other BSD machines, and even the occasional NT
system.

Using snmpwalk is very simple:

snmpwalk hostname community

The community is somewhat like a password. An SNMP agent makes
different information available to different communities. The agent
can also control access by IP address, so don't be too surprised if
you get different answers from different locations. Many network
administrators configure their systems so that a single SNMP
workstation gets full access to them, and others have restricted or
nonexistent access.

Try snmpwalk on a local system with SNMP running. You'll get a huge
pile of information. Try it again, this time redirecting the output
to a file. Look through it at your leisure; you might be surprised at
the amount of information the system offers via SNMP.

You can also make very specific queries via SNMP, simply by specifying
the portion of the tree you're interested in.

For example, according to the Windows NT documentation, the MIB
1.3.6.1.4.1.311.1.1.3.1.1.1.1 represents "available memory." You can
use snmpwalk to check this value without logging into the system:

snmpwalk fileserver public .1.3.6.1.4.1.311.1.1.3.1.1.1.1.0

enterprises.311.1.1.3.1.1.1.1.0 = 154447872

This makes even an NT system simple to monitor; you can easily write a
shell script to check various systems and notify you via e-mail or
pager if system memory falls below a certain amount. This is an
excellent way to begin using BSD in your company, especially as
commercial solutions for this run hundreds or thousands of dollars.
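
One way to write the shell script described above, as an added example that is not part of the original article. The 64 MB threshold, the ALERT_TO recipient and the function names are assumptions, and the parser also accepts a "TYPE: value" answer, which goes beyond the bare output shown earlier.

```shell
#!/bin/sh
# Added example: alert when "available memory" polled over SNMP drops too low.
OID=.1.3.6.1.4.1.311.1.1.3.1.1.1.1.0   # available-memory MIB from the article
COMMUNITY=${COMMUNITY:-public}          # read-only community, as in the article
MIN_BYTES=${MIN_BYTES:-67108864}        # assumed threshold: 64 MB
ALERT_TO=${ALERT_TO:-root}              # assumed alert recipient

# Print the integer after " = " on the first line of stdin that has one.
# Accepts the bare form shown in the article and a "TYPE: value" form.
parse_value() {
    sed -n 's/^.* = \([A-Za-z0-9]*: \)\{0,1\}\([0-9][0-9]*\)[[:space:]]*$/\2/p' |
        head -n 1
}

# check_memory HOST OUTPUT: print one status line.
# Returns 0 = OK, 1 = below threshold, 2 = no usable answer (timeout, error).
check_memory() {
    value=$(printf '%s\n' "$2" | parse_value)
    if [ -z "$value" ]; then
        echo "UNKNOWN $1: no numeric answer for $OID"
        return 2
    fi
    if [ "$value" -lt "$MIN_BYTES" ]; then
        echo "LOW $1: $value bytes available (minimum $MIN_BYTES)"
        return 1
    fi
    echo "OK $1: $value bytes available"
}

# Poll every host named on the command line; mail anything that is not OK.
for host in "$@"; do
    # Invocation in the form the article uses: snmpwalk hostname community MIB
    answer=$(snmpwalk "$host" "$COMMUNITY" "$OID" 2>&1) || true
    status=$(check_memory "$host" "$answer") ||
        echo "$status" | mail -s "SNMP memory alert: $host" "$ALERT_TO"
    echo "$status"
done

# With no hosts given, run against a constructed sample (the article's output).
if [ $# -eq 0 ]; then
    check_memory fileserver 'enterprises.311.1.1.3.1.1.1.1.0 = 154447872'
fi
```

Run it with host names as arguments, for instance from cron; a timeout or error comes back as UNKNOWN and is mailed, not counted as healthy.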

Specific queries such as this can be much simpler than logging into a
system and typing top, and they work on any system with an SNMP agent.
We'll use this later, to set up continuous monitoring of your systems.

Even if you don't set up SNMP monitoring on your own systems, being
able to use SNMP is a valuable asset to anyone responsible for
maintaining or troubleshooting network systems. With snmpwalk you can
gather far more information than you possibly can use, with a minimum
of effort.